Target Corp. said on Friday that “strongly encrypted PIN data” were stolen in the hacking that compromised 40 million credit and debit card accounts between Thanksgiving and mid-December.

The company insisted, however, that the “PIN numbers are safe and secure,” adding that customers’ PIN information was fully encrypted when stolen. It said the PIN is encrypted within Target’s system and can only be decrypted when it’s received by its external, independent payment processor. “What this means is that the ‘key’ necessary to decrypt that data has never existed within Target’s system and couldn’t have been taken during this incident,” Target said.

Meanwhile, Target continues to deal with the aftereffects of the hacking which took place between Nov. 27 and Dec. 15. U.S. Senator Robert Menendez (D-NJ) said on Thursday he has sent a letter to the head of the Federal Trade Commission requesting an update regarding the breach. He also has asked the FTC to recommend any further legislative action that will ensure consumers are better protected. That could include holding retailers accountable for failures to protect consumers’ sensitive data.

About Behind the Storefront

Behind the Storefront is a blog about all things retail. It’s aimed at investors, shoppers and anyone else with a passion for learning about what drives consumer behavior. Hosted by Andria Cheng, Behind the Storefront will cover the business, brands and shopping behavior that’s behind some of the biggest companies, and largest employers, in the world. You can reach Andria at Acheng@marketwatch.com.